> From: edr
> Sent: Friday, 11 March, 2022 03:59
>
> On 10.03.2022 20:27, Michael Wojcik wrote:
> > Personally, I'd be leery of using openssl ca for anything other than
> dev/test purposes, in which case frequent CRL generation seems unlikely to
> be a requirement. AIUI, openssl ca isn't really i
On 10.03.2022 20:17, Michael Ströder via openssl-users wrote:
>
> Are you 100% sure all the software used by your relying participants is
> capable of handling the X509v3 extensions involved?
>
> In practice I saw software miserably fail validating such certs and CRLs. Or
> also CAs failed to gen
> From: openssl-users On Behalf Of
> Michael Ströder via openssl-users
> Sent: Thursday, 10 March, 2022 12:17
>
> On 3/10/22 14:06, edr dr wrote:
> > At the same time, I do not want to store passwords used for
> > certificate creation in cleartext anywhere.
Personally, I'd be leery of using open
On 3/10/22 14:06, edr dr wrote:
I would like to be able to automate the process of updating CRLs in
order to be able to keep the CRL validity time short.
Understandable.
At the same time, I do not want to store passwords used for
certificate creation in cleartext anywhere.
It's a pity that the
